How we protect your privacy
Compliance with the General Data Protection Regulation (GDPR) is integral to all our systems and processes.
Are we compliant with GDPR?
What is GDPR compliance?
In response to the public’s growing concern about privacy, the European Parliament adopted the GDPR to replace an outdated data protection directive from 1995. GDPR establishes more stringent requirements for businesses to protect the personal data and privacy of citizens of the European Union and the European Economic Area (EEA). The regulation applies to transactions that occur within EU member states, as well as to the transfer of personal data outside the EU and EEA.
GDPR is not optional, and any company that does not comply faces the threat of large fines, depending on the severity and circumstances of the violation. These fines can be as steep as 4 percent of annual global revenue or up to €20 million. Every organization that does business in Europe or with EU or EEA citizens must ensure that it is following GDPR guidelines; non-compliance could cost it greatly.
To comply with GDPR, companies that have EU-based employees must meet the following important requirements:
- Obtain consent to collect and process personal information
- Protect personal data
- Control access to personal data
- Provide the option to erase personal data
- Inform customers of data breaches
Our approach to GDPR for HR Professionals
- Our goal is to provide a great software platform that allows clients to comply with GDPR requirements while having a great experience.
- Ensuring data is protected during transmission and while it is being hosted by using industry-standard technical processes and procedures. We demonstrate our compliance with these critical requirements through an annual SOC II audit by an independent auditor.
- Our data centers and collection networks are located within the European Union. For these critical processes, we have selected a world-class service provider: Microsoft Azure. Our stringent data protection and security standards made them the obvious choice for all customer data, including data from EMEA, the United States, and the EU.
- Developing a Data Processing Agreement (DPA) that complies with GDPR with help from EU and U.S. legal counsel. It also incorporates the European Model Clauses, also known as the Standard Contractual Clauses, which will be used by all clients who are data controllers under the GDPR.
- The GDPR defines acceptable timelines for processing client data requests, whether you are requesting consent, providing access, or erasing data. We will also notify you promptly in the event of a data breach.
- To support our clients’ compliance efforts, we stay abreast of GDPR developments and guidance.